Omniscia Euler Finance Audit
YieldAggregatorFactory Manual Review Findings
YAF-01M: Deprecated Nonce-Based Factory Mechanism
| Type | Severity | Location |
|---|---|---|
| Standard Conformity | (severity image not rendered) | YieldAggregatorFactory.sol:L39 |
Description:

The `YieldAggregatorFactory::deployYieldAggregator` function deploys a `YieldAggregator` using the outdated `create`-based factory approach, which yields deterministic addresses derived from the factory contract's transaction nonce.

This approach has been deprecated because it leads to potential issues with cross-chain deployments as well as with address pre-computation assumptions: a yield aggregator address deployed on one network might be "overtaken" on another network if the same contract-level transaction nonce is reached there.
Impact:

Because the current deployment mechanism of the `YieldAggregatorFactory` relies on a nonce-based derivation, the same yield aggregator address on different chains might end up owned by different parties.
Example:

```solidity
39    address eulerYieldAggregatorVault = Clones.clone(yieldAggregatorImpl);
```
Recommendation:

We advise a `create2`-based approach to be utilized that incorporates a caller-dependent and blockchain-dependent factor in the salt calculation, ensuring that contract addresses across chains are distinct and cannot be reproduced maliciously.
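The following is an added illustration written for this report page; it is not Euler Finance code and does not reproduce the audited factory. It places the nonce-based `Clones.clone` pattern from the exhibit beside a `create2`-based variant that follows the recommendation by binding the salt to both the caller and the chain. The `IYieldAggregator` interface, its `initialize` function, the `userSalt` parameter and the `NonceBasedFactory`/`SaltedFactory` contract names are assumptions made for the example; `Clones.clone`, `Clones.cloneDeterministic` and `Clones.predictDeterministicAddress` are the OpenZeppelin library functions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Clones} from "@openzeppelin/contracts/proxy/Clones.sol";

/// Assumed minimal interface of the deployed aggregator (example only).
interface IYieldAggregator {
    function initialize(address owner) external;
}

/// Pattern described in YAF-01M: the clone address follows the factory's nonce.
/// Under CREATE, address = keccak256(rlp([address(this), nonce]))[12:], so two chains on
/// which this factory lives at the same address and reaches the same nonce assign the same
/// clone address, possibly to different callers.
contract NonceBasedFactory {
    address public immutable yieldAggregatorImpl;

    constructor(address impl) {
        yieldAggregatorImpl = impl;
    }

    function deployYieldAggregator() external returns (address vault) {
        vault = Clones.clone(yieldAggregatorImpl);
        IYieldAggregator(vault).initialize(msg.sender);
    }
}

/// Recommended pattern: CREATE2 with a salt that depends on the caller and the chain.
/// Under CREATE2, address = keccak256(0xff ++ address(this) ++ salt ++ keccak256(initcode))[12:].
/// Including block.chainid keeps the same (factory, userSalt) pair from resolving to the same
/// address on another chain; including msg.sender keeps one caller from claiming the address
/// that another caller's salt would produce.
contract SaltedFactory {
    address public immutable yieldAggregatorImpl;

    constructor(address impl) {
        yieldAggregatorImpl = impl;
    }

    /// Salt derivation shared by deployment and prediction so the two never diverge.
    function _salt(address caller, bytes32 userSalt) internal view returns (bytes32) {
        return keccak256(abi.encode(caller, block.chainid, userSalt));
    }

    /// Deploys a clone at a caller- and chain-specific address. Reusing the same
    /// (caller, userSalt) pair reverts inside cloneDeterministic because the address is taken.
    function deployYieldAggregator(bytes32 userSalt) external returns (address vault) {
        vault = Clones.cloneDeterministic(yieldAggregatorImpl, _salt(msg.sender, userSalt));
        IYieldAggregator(vault).initialize(msg.sender);
    }

    /// Lets integrators precompute the address a given caller will receive on this chain.
    function predictYieldAggregator(address caller, bytes32 userSalt) external view returns (address) {
        return Clones.predictDeterministicAddress(
            yieldAggregatorImpl,
            _salt(caller, userSalt),
            address(this)
        );
    }
}
```

Keeping `_salt` as the single source of truth for both `deployYieldAggregator` and `predictYieldAggregator` matters in practice: if the two derivations drift apart, off-chain tooling will precompute addresses that the factory never produces. The revert on a repeated `(caller, userSalt)` pair is the intended behaviour rather than a defect, since it is exactly what prevents an address from being "overtaken".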
Alleviation:

The Euler Finance team evaluated this exhibit and opted not to apply it, as they already have provisions in place to rotate the deployer key across chain deployments, thereby ensuring different address generation even at the same nonces.

As such, we consider this exhibit safely acknowledged.